lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF16EBD8D97@EX2010.hammerofgod.com>
Date: Sat, 22 Jan 2011 17:30:48 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>, imipak
	<imipak@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: "Hacker attacks won't hurt your company brand"

>Last I checked, TJX and Heartland were both still in business, and I don't think
>any of their security teams ended up in jail or severely unemployed(*).
>It's really hard to argue against those two data points.
>
>'Nuff said.

Why would you want to argue for those data points in the first place?  After the breach, TJXs stock immediately dumped 14% to its lowest value of the entire year.  It took ~6 months for it to stabilize around pre-breach trading.   I'm not sure what actually qualifies for a "Nuff said" closer here, but I think stock quotes are a pretty good candidate over position cycling.  

But to be specific, that isn't what Sweeny said anyway.  He said hacking effect on "brand identity" not "value."   That said, if he considers a 6 month stock recovery from a 14% drop a "little dip" then I'm envious of his portfolio (and is actually a point worth making to establish his reference).  How Shostack took that to mean that breaches don't have business consequences and that a Day of Reckoning is coming for those who say it does is something I just can't see, but I think it is safe to assume that his opinion is not based on owning TJX stock.

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ